REMARKS



Reconsideration and allowance of the above-referenced
application are respectfully requested.

After entry of this amendment, claims 1-3 and 6-23 and 25-29
will be pending in the case.

Claims 1-4, 7, 8 and 17 stand rejected under 35 USC 102(e)
as allegedly being anticipated by Flint.

Claims 5-6 stand rejected over Flint in view of Green.
Claims 9-16 stand rejected over Flint in view of Green.
Claims 18-20 stand rejected over Flint in view of Green.
In addition, claims 21-24 stand rejected over Flint in view
of Green in view of Cunningham.

In response, each of the independent claims, including
claims 1, 9, 17 and 21, has been amended to further emphasize
their patentable distinctions. As amended, each of these claims
is completely patentable over the cited prior art.

Claim 1 has been amended to recite that the connection is a
virtual private network connection, which by itself
distinguishes over Flint which teaches a technique for use in a
firewall. Even assuming that teachings of Flint could be used
in a virtual private network, the subject matter of amended
claim 1 is not in any way taught or suggested by the cited prior
art.

An important feature of the present system is the way the
client gets policies for secure connections over virtual private 
networks, and enforces the policies from the VPN over the 
network, in a special way. The policies are effectively ways of 
defining the conduits for data traffic. The policies define 
what can and cannot be done over the network, but do so with 
context. Claim 1 has been amended to recite that the remote 
system has predetermined configuration information and allows 
one application program to run. Claim 1 also recites that the
activities in the system are regulated both based on the 
security policies and context of the at least one application 
program, including at least a state of running of the 
application program. 

An advantage of this is described in the specification.
For example, using a word processing example, word processing
packets may be allowed only when the word processing program is
actually running. A raw policy may simply say packets of type x
can be allowed through the secure connection. However, certain
viruses and worms operate by masquerading their packets as other
packets. If an attacker knows they can masquerade the packet as
a word processing file, then it can simply do so. However, by
regulating the system based on the context of application
program including its running state, as claimed, this security
hole can possibly be filled. A word processing packet cannot
get through this system, for example, when the word processing
application program is not running. Therefore, this system may
be more secure than other comparable systems for this reason.

Flint teaches nothing about this kind of security policy.
The security policy of Flint may be configured to block certain
kinds of packets and certain kinds of scripts and certain kinds
of ports. There is nothing teaching or suggesting, however,
that the packet blocking is based not only on the access rules,
but also the running state of an application program.

Admittedly, Flint does teach that the access rules are 
formed using decision trees allowing decisions to be made for 
criteria such as time of day or the like. However, there is no 
decision rule stated in Flint which teaches or suggests using 
the running state of an application program. 

Filters are also described as beginning at the bottom of
column 4. Again, there is no teaching or suggestion of policies
which are enforced based on the running state of at least one 
application program. 

Claim 9 has been amended in a comparable way to include 
comparable limitations and should be allowable for similar 
reasons to those discussed above. Claim 9 was rejected based on 
Flint in view of Green. Green does not make up the missing 






Attorney Docket No.: 10559-148001

Serial No.: 09/539,928 

Amendment dated March 4, 2004 

Reply to Office Action dated December 4, 2003 



teaching noted above. Specifically, Green teaches techniques
for type enforcement, and reviewing of packets and packet 



features noted above, specifically using the state of the 
application program as well as the policies to determine whether 
to accept or reject packets. 

Claim 17 has been amended in a similar way, and should be 
allowable for similar reasons. 

Claim 21 has been amended to include the limitations of 
claim 24 therein which has now been cancelled. Claim 24 was 
rejected based on Flint in view of awaiting for and further in 
view of Cunningham. Cunningham clearly does show network 
access, as noted above. However, nowhere in Cunningham is there
any teaching or suggestion of using the running state of the 
application in connection with the policies to determine access, 
as claimed. 

The newly added dependent claims define further details
about this operation, and should each be independently allowable
over the prior art, which does not suggest this subject
matter.

It is believed that all of the pending claims have been 
addressed in this paper. However, failure to address a specific
rejection, issue or comment, does not signify agreement with or
concession of that rejection, issue or comment. In addition,
because the arguments made above are not intended to be 
exhaustive, there may be reasons for patentability of any or all 
pending claims (or other claims) that have not been expressed. 
Finally, nothing in this paper should be construed as an intent 
to concede any issue with regard to any claim, except as 
specifically stated in this paper, and the amendment of any 
claim does not necessarily signify concession of unpatentability 
of the claim prior to its amendment. 

In view of the above amendments and remarks, therefore, all 
of the claims should be in condition for allowance. A formal
notice to that effect is respectfully solicited. 

Please apply any charges or credits to Deposit Account 
No. 06-1050. 



12390 El Camino Real 
San Diego, CA 92130 
Telephone: (858) 678-5070 
Facsimile: (858) 678-5099 




Date: March 4, 2004




Scott C. Harris
Attorney for Intel Corporation
Reg. No. 32,030



Fish & Richardson P.C. 
PTO Customer Number: 20985